I'm writing code where I can register people and allow them to log in. Here I save details such as the email and password of a customer, who is a subclass of person. When I try to log in with the given credentials, even though I give a valid email and a valid password, it gives a "Wrong Password!!" error. It is the same when I give a valid username and an invalid password, which is okay. It gives an error saying "No such email found!" when an invalid email is given, which is also fine.
Here is my customer controller which is associated with the issue.
if(customer.getPassword() != existingCustomer.getPassword())
I want to make it possible that when I enter a valid password and a valid email, it redirects to viewCustomer. What is wrong with the above code? How can I fix it?
When I try to login with the given credentials, even though I give a valid email and a valid password it gives "Wrong Password!!"
The email is valid, but you are comparing the passwords in the wrong way. Compare in this way:
if(customer.getPassword().equals(existingCustomer.getPassword()))
Related
Got Laravel's password reset set up correctly and working; now what's left is how to verify if the reset token exists in the password_resets table and proceed if valid. At the moment, if I type in my URL example.com/password/reset/somestuff, it redirects me to the page where it asks for email and password, so there's no security :)
Thanks and I hope you understood my question.
You can use the Laravel query builder to make this check. For example:
// True when a row for $user exists with a non-null token.
if (DB::table('table_name')
    ->where('user', $user)
    ->whereNotNull('token')
    ->exists()) {
    // do something
}
https://laravel.com/docs/5.6/queries
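An added example, not part of the answer above and not Laravel code: the check the question asks for has to match the token from the URL against the stored row and reject stale ones, not only test that some token is present. The logic is sketched in JavaScript over constructed in-memory rows; the SHA-256 storage, the 60-minute lifetime and the names `findValidReset`, `digest` and `rows` are assumptions.

```javascript
const crypto = require('crypto');

// Assumption: the table stores a SHA-256 digest of the token, never the raw value.
const digest = (token) => crypto.createHash('sha256').update(token, 'utf8').digest();

const MAX_AGE_MS = 60 * 60 * 1000; // assumed 60-minute token lifetime

// Constructed sample rows standing in for the password_resets table.
const rows = [
  { email: 'alice@example.com', token: digest('tok-alice-fresh'),
    created_at: Date.parse('2024-01-01T12:00:00Z') },
  { email: 'bob@example.com', token: digest('tok-bob-stale'),
    created_at: Date.parse('2024-01-01T09:00:00Z') },
];

// Returns the matching row, or null when the token is unknown, wrong or expired.
function findValidReset(table, email, submittedToken, now) {
  if (typeof submittedToken !== 'string' || submittedToken.length === 0) return null;
  const row = table.find((r) => r.email === email);
  if (!row) return null;
  const candidate = digest(submittedToken);
  // Both buffers are 32-byte digests, so timingSafeEqual never sees unequal lengths.
  if (!crypto.timingSafeEqual(candidate, row.token)) return null;
  // A correct token that has outlived its lifetime is rejected as well.
  if (now - row.created_at > MAX_AGE_MS) return null;
  return row;
}
```

Only when this returns a row should the reset form be processed; every failure path returns the same `null`, so the caller cannot tell a wrong token from an expired one.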
I'm developing an app where I need to change the password of the logged-in user. I don't need OrderCloud.PasswordResets(), which will send an email to my mail. I need to change the password without triggering an email.
I followed the approach below, but I'm getting an error:
OrderCloud.Me.Patch({"Password": "1234567889"});
Response:
{"Errors":[
  {"ErrorCode":"IdExists","Message":"User already exists.","Data":null},
  {"ErrorCode":"InvalidRequest","Message":"User already exists.","Data":null},
  {"ErrorCode":"ServerError","Message":"An unknown error has occurred on the server.","Data":null}
]}
Request URL: https://api.ordercloud.io/v1/me
Edit: Upon further investigation, this error would be thrown if somehow you have users with duplicate usernames under the same organization. If you remove the duplicate usernames and try again, your issue should be resolved.
You should format your request like this, without the quotes on Password:
OrderCloud.Me.Patch({Password: "1234567889"});
Is there any way to tell on the client side if a user's credentials are invalid? When I intentionally break a user's credentials (change username), they are getting a generic error 101 (kPFErrorObjectNotFound). How can I prompt a user to resolve a legitimate account issue?
I get the security implications of oversharing with error codes, but even a general "something is wrong with authentication" would help. Maybe there's no harm in prompting after error 101, but I'm not sure when else that error is used.
You could add a cloud function that you call and it checks if it has a user. If the user is correctly logged in then the passed token is converted into a user for the cloud code to access. Your cloud code can then return a simple response code which indicates if the login is valid or not.
I am trying to set up a custom account verification and password reset page on my own domain, but I am getting errors when resetting the password. I followed the instructions in the link below, but it always fails.
http://docs.appcelerator.com/arrowdb/latest/#!/api/Users-method-request_reset_password
I have set up a page with the URL structure https://example.com/resetPassword/?reset_password_token={{reset_password_token}}.
This is the URL in the reset password email. When I click on the link in the email, the page loads with the form fields visible. On entering the new password, the following GET request is passed to Appcelerator.
https://api.cloud.appcelerator.com/v1/users/reset_password.json?key={{app_key}}&reset_password_token={{reset_password_token}}&password={{password}}&password_confirmation={{password_confirmation}}
The response text is:
"{ "meta": { "status":"fail", "code":400, "message":"Failed to reset password: reset_password_token is invalid", "method_name":"resetPassword" } } "
Everything looks fine to me as far as I can see, and when using the standard URL structure below it works fine.
https://platform.appcelerator.com/#/users/reset_password/{{key}}/{{reset_password_token}}
I found the answer here:
https://archive.appcelerator.com/topic/2838/custom-password-reset-page-bad-request-reset_password_token-is-invalid/3
Basically, you need to add key={{key}} in your email template, and send that along with the URL to Appcelerator from your form. Also add ct=enterprise to the URL parameters.
Doing this I got it working. Had the same problem with an invalid reset token. Apparently you are not supposed to use your own app key, but the {{key}} in the template instead.
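The fix described in these answers, as an added example that is not code from the original posts: the form script reads `key` and `reset_password_token` from the link in the email and forwards both, with `ct=enterprise`, to the endpoint quoted in the question. The helper name `buildResetRequest` and the sample values in the usage are assumptions.

```javascript
// Endpoint as quoted in the question above.
const RESET_ENDPOINT = 'https://api.cloud.appcelerator.com/v1/users/reset_password.json';

// Hypothetical helper: turn the landing-page URL from the email into the API request URL.
function buildResetRequest(landingUrl, password, passwordConfirmation) {
  const incoming = new URL(landingUrl).searchParams;
  const key = incoming.get('key');
  const token = incoming.get('reset_password_token');
  // A missing value or an unexpanded {{...}} placeholder means the email template is wrong.
  for (const [name, value] of [['key', key], ['reset_password_token', token]]) {
    if (!value || value.includes('{{')) {
      throw new Error(`missing ${name} in reset link`);
    }
  }
  if (password !== passwordConfirmation) {
    throw new Error('password and confirmation differ');
  }
  const out = new URL(RESET_ENDPOINT);
  out.searchParams.set('key', key); // the {{key}} from the email, not the app key
  out.searchParams.set('ct', 'enterprise');
  out.searchParams.set('reset_password_token', token);
  out.searchParams.set('password', password);
  out.searchParams.set('password_confirmation', passwordConfirmation);
  return out.toString();
}
```

A link without `key`, like the one in the question, is rejected before any request is built.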
I am using authlogic for authentication through an API.
I want to implement this: if a user forgot his password, then the API sends an autogenerated password to the user's email account. I don't want to send instructions for password resetting to the user's email.
I don't understand how to update the password in the database for that user record.
I have tried to reset the password this way:
@user.password = params[:password]
@user.password_confirmation = params[:password_confirmation]
I searched a lot but am not getting what exactly is needed to set the password this way, and I searched the authlogic documentation but am not getting whether these will be helpful for me.
Thanks